EvilZone

Programming and Scripting => Assembly - Embedded => Topic started by: R4k0Z on April 16, 2015, 01:04:53 AM

Title: [ASM] Functions and Stack
Post by: R4k0Z on April 16, 2015, 01:04:53 AM

Hi everyone, i've been reading about shellcode (i know asm but for microcontrollers) and have a little doubt about this piece of code:

Code: [Select]

GetLibrary:
      call LibraryReturn
      db 'user32.dllN'

LibraryReturn:
      pop ecx                   ;get the library string
      mov [ecx + 10], dl        ;insert NULL (edx was cleared right before)
      mov ebx, 0x77e7d961       ;LoadLibraryA(libraryname);
      push ecx                  ;beginning of user32.dll
      call ebx                  ;eax will hold the module handle

My question is, does "db 'user32.dllN'" even execute before "call LibraryReturn"?


if it does, does it push the beginning of the string to the stack? or how does it end there so you can pop it into ecx?


Thank you in advance :)

Title: Re: [ASM] Functions and Stack
Post by: HTH on April 16, 2015, 02:58:36 AM

Db isnt an instruction that "executes" when it is assembled it literally sets those bytes to that value. Usually for use with a pointer to said data. Thats the point. The rest happens because when you call a function the return point (the address of the bytes defined as the library name) gets pushed for when returning.

So it pops it off, does its thing with the data, then pushes it back because it stills needs to return.

So in short, that data isnt manipulated at all, they're just using a kinda near trick to pass a reference to it.

Title: Re: [ASM] Functions and Stack
Post by: R4k0Z on April 16, 2015, 04:07:45 AM

Thank you very much :)